6.8 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
72.0%
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.
lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
secunia.com/advisories/39397
support.avaya.com/css/P8/documents/100091069
ubuntu.com/usn/usn-921-1
www.mandriva.com/security/advisories?name=MDVSA-2010:070
www.mozilla.org/security/announce/2010/mfsa2010-24.html
www.redhat.com/support/errata/RHSA-2010-0500.html
www.redhat.com/support/errata/RHSA-2010-0501.html
www.securityfocus.com/bid/39479
www.vupen.com/english/advisories/2010/0748
www.vupen.com/english/advisories/2010/0849
www.vupen.com/english/advisories/2010/1557
bugzilla.mozilla.org/show_bug.cgi?id=490790
exchange.xforce.ibmcloud.com/vulnerabilities/57396
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7618
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9375